The FreeBSD Project

The release notes for FreeBSD 5.3-RELEASE contain a summary of the changes made to the
FreeBSD base system since 5.2.1-RELEASE. This document lists applicable security
advisories that were issued since the last release, as well as significant changes to the
FreeBSD kernel and userland. Some brief remarks on upgrading are also presented.

This document contains the release notes for FreeBSD 5.3-RELEASE on the NEC PC-98x1
hardware platform. It describes recently added, changed, or deleted features of FreeBSD.
It also provides some notes on upgrading from previous versions of FreeBSD.

All users are encouraged to consult the release errata before installing FreeBSD. The
errata document is updated with ``late-breaking'' information discovered late in the
release cycle or after the release. Typically, it contains information on known bugs,
security advisories, and corrections to documentation. An up-to-date copy of the errata
for FreeBSD 5.3-RELEASE can be found on the FreeBSD Web site.

This section describes the most user-visible new or changed features in FreeBSD since
5.2.1-RELEASE. In general, changes described here are unique to the 5-STABLE branch
unless specifically marked as [MERGED] features.

Typical release note items document recent security advisories issued after
5.3-RELEASE, new drivers or hardware support, new commands or options, major bug fixes,
or contributed software upgrades. They may also list changes to major ports/packages or
release engineering practices. Clearly the release notes cannot list every single change
made to FreeBSD between releases; this document focuses primarily on security advisories,
user-visible changes, and major architectural improvements.

A bug in mksnap_ffs(8)
has been fixed; it caused the creation of a file system snapshot to reset the flags on
the file system to their default values. The possible consequences depended on local
usage, but could include disabling extended access control lists or enabling the use of
setuid executables stored on an untrusted file system. This bug also affected the dump(8)-L option, which uses mksnap_ffs(8).
Note that mksnap_ffs(8) is
normally only available to the superuser and members of the operator group. For more information, see security advisory FreeBSD-SA-04:01.

A bug with the System V Shared Memory interface (specifically the shmat(2) system
call) has been fixed. This bug can cause a shared memory segment to reference unallocated
kernel memory. In turn, this can permit a local attacker to gain unauthorized access to
parts of kernel memory, possibly resulting in disclosure of sensitive information, bypass
of access control mechanisms, or privilege escalation. More details can be found in
security advisory FreeBSD-SA-04:02. [MERGED]

A programming error in the jail_attach(2)
system call has been fixed. This error could allow a process with superuser privileges
inside a jail(8)
environment to change its root directory to that of a different jail, and thus gain full
read and write access to files and directories within the target jail. More information
can be found in security advisory FreeBSD-SA-04:03.

A potential low-bandwidth denial-of-service attack against the FreeBSD TCP stack has
been prevented by limiting the number of out-of-sequence TCP segments that can be held at
one time. More details can be found in security advisory FreeBSD-SA-04:04. [MERGED]

A bug in OpenSSL's SSL/TLS ChangeCipherSpec message
processing that could result in a null pointer dereference has been fixed. This could
allow a remote attacker to crash an OpenSSL-using application
and cause a denial-of-service on the system. More details can be found in security
advisory FreeBSD-SA-04:05. [MERGED]

A programming error in the handling of some IPv6 socket options within the setsockopt(2)
system call has been fixed. This allows a local attacker to cause a system panic, and may
allow unauthorized access to parts of kernel memory, possibly resulting in disclosure of
sensitive information, bypass of access control mechanisms, or privilege escalation. More
details can be found in security advisory FreeBSD-SA-04:06.

Two programming errors in CVS have been fixed. They allow a
server to overwrite arbitrary files on the client, and a client to read arbitrary files
on the server when accessing remote CVS repositories. More details can be found in
security advisory FreeBSD-SA-04:07. [MERGED]

A bugfix for Heimdal rectifies a problem in which it would
not perform adequate checking of authentication across autonomous realms. For more
information, see security advisory FreeBSD-SA-04:08. [MERGED]

A programming error in CVS which could allow a malicious
client to overwrite arbitrary portions of the server's memory has been fixed. For more
information, see security advisory FreeBSD-SA-04:10. [MERGED]

A potential cache consistency problem of the implementation of the msync(2) system
call involving the MS_INVALIDATE operation has been fixed.
However, as a side effect of closing this security problem, the MS_INVALIDATE flag no longer guarantees that all pages in the range
are invalidated. Users who require the old semantics of MS_INVALIDATE and are not concerned with the security issue being
fixed can set the vm.old_msync sysctl to 1 which will revert
to the old (insecure) behavior. For more information, see security advisory FreeBSD-SA-04:11. [MERGED]

A programming error in the jail(2) system
call which results in a failure to verify that an attempt to manipulate routing tables
originated from a non-jailed process has been fixed. For more information, see security
advisory FreeBSD-SA-04:12. [MERGED]

A programming error in the handling of some Linux system calls which may result in
memory locations being accessed without proper validation has been fixed. For more
information, see security advisory FreeBSD-SA-04:13. [MERGED]

A number of programming errors in CVS which allow
information disclosure, denial-of-service, or possibly arbitrary code execution, have
been fixed via an upgrade to CVS 1.11.17. For more
information, see security advisory FreeBSD-SA-04:14.

A bug in the CONS_SCRSHOTioctl(2) has
been fixed; it may allow unauthorized access to parts of kernel memory, possibly
resulting in disclosure of sensitive information, bypass of access control mechanisms, or
privilege escalation. For more information, see security advisory FreeBSD-SA-04:15.

ADAPTIVE_MUTEXES has been added and enabled by default.
This changes the behavior of blocking mutexes to spin if the thread that currently owns
the mutex is executing on another CPU. This feature can be disabled explicitly by setting
a kernel option NO_ADAPTIVE_MUTEXES.

A kernel option ADAPTIVE_GIANT, which causes the Giant lock
to also be treated in an adaptive fashion when adaptive mutexes are enabled, has been
added. This improves the performance of SMP machines and is enabled by default on the
i386.

The bus_dma(9)
interface now supports transparently honoring the alignment and boundary constraints in
the DMA tag when loading buffers, and bus_dmamap_load()
will automatically use bounce buffers when needed. In addition, a set of sysctls hw.busdma.* for bus_dma(9)
statistics has been added.

The contigmalloc(9)
function has been reimplemented with an algorithm which stands a greatly-improved chance
of working despite pressure from running programs. The old algorithm can be used by
setting a sysctl vm.old_contigmalloc. More details can be
found in the contigmalloc(9)
manual page.

The hw.pci.allow_unsupported_io_range loader tunable has
been removed.

jail(2) now
supports the use of raw sockets from within a jail. This feature is disabled by default,
and controlled by using the security.jail.allow_raw_sockets
sysctl.

kqueue(2) now
supports a new filter EVFILT_FS to be used to signal generic
file system events to the user space. Currently, mount, unmount, and up/down status of
NFS are signaled.

KDB, a new debugger framework, has been added. This consists of a new GDB backend,
which has been rewritten to support threading, run-length encoding compression, and so
on, and the frontend that provides a framework in which multiple, different debugger
backends can be configured and which provides basic services to those backends. The
following options have been changed:

KDB is enabled by default via the kernel options options
KDB, options GDB, and options
DDB. Both DDB and GDB specify
which KDB backends to include.

WITNESS_DDB has been renamed to WITNESS_KDB.

DDB_TRACE has been renamed to KDB_TRACE.

DDB_UNATTENDED has been renamed to KDB_UNATTENDED.

SC_HISTORY_DDBKEY has been renamed to SC_HISTORY_KDBKEY.

DDB_NOKLDSYM has been removed. The new DDB backend supports
pre-linker symbol lookups as well as KLD symbol lookups at the same time.

GDB_REMOTE_CHAT has been removed. The GDB protocol hacks to
allow this are FreeBSD specific. At the same time, the GDB protocol has packets for
console output.

KDB also serves as the single point of contact for any and all code that wants to make
use of the debugger functions, such as entering the debugger or handling of the alternate
break sequence. For this purpose, the frontend has been made non-optional. All debugger
requests are forwarded or handed over to the current backend, if applicable. Selection of
the current backend is done by the debug.kdb.current sysctl. A
list of configured backends can be obtained with the debug.kdb.available sysctl. One can enter the debugger by writing
to the debug.kdb.enter sysctl.

A new sysctl debug.kdb.stop_cpus has been added. This
controls whether or not IPI (Inter Processor Interrupts) to other CPUs will be delivered
when entering the debugger, in order to stop them while in the debugger.

A new kernel option MAC_STATIC which disables internal MAC
Framework synchronization protecting against dynamic load and unload of MAC policies, has
been added.

The mac_bsdextended(4) policy can now apply only the
first matching rule instead of all matching rules. This feature can be enabled by setting
a new sysctl mac_bsdextended_firstmatch_enabled.

The mac_bsdextended(4) policy can now log failed
attempts to syslog's AUTHPRIV facility. This feature can be
enabled by setting a new sysctl mac_bsdextended_logging.

mballoc has been replaced with mbuma, an Mbuf and Cluster allocator built on top of a
number of extensions to the UMA framework. Due to this change, the NMBCLUSTERS kernel option is no longer used. The maximum number of
the clusters is still capped off according to maxusers, but it
can be made unlimited by setting the kern.ipc.nmbclusters
loader tunable to zero.

/dev/kmem, /dev/mem, and /dev/io are also provided as kernel loadable modules now.

A bug in mmap(2) that
could cause pages marked as PROT_NONE to become readable under
certain circumstances has been fixed. [MERGED]

A new kernel option MP_WATCHDOG has been added; it allows
one of the logical CPUs on a system to be used as a dedicated watchdog to cause a drop to
the debugger and/or generate an NMI to the boot processor if the kernel ceases to
respond. Several sysctls are available to enable the watchdog running out of the
processor's idle thread; a callout is launched to reset a timer in the watchdog. If the
callout fails to reset the timer for ten seconds, the timeout process will take place.
The debug.watchdog_cpu sysctl selects which CPU will run the
watchdog.

A sysctl debug.leak_schedlock has been added. This causes a
sysctl handler that incorrectly leaks the holding sched lock, to spin the lock in order
to trigger the watchdog provided by the MP_WATCHDOG
option.

A new loader tunable debug.mpsafenet has been added and
enabled by default. This causes the FreeBSD network stack to operate without the Giant
lock, resulting in performance improvement by increasing parallelism and decreasing
latency in network processing. Note that enabling one of the ng_tty(4)
Netgraph node type, KAME IPsec, and IPX/SPX subsystem results in a boot-time restoration
of Giant-enabled network operation, or run-time warning on dynamic load as these
components require Giant lock for correct operation.

A new kernel option NET_WITH_GIANT has been added. This
restores the default value of debug.mpsafenet to 0, and is
intended for use on systems compiled with known unsafe components, or where a more
conservative configuration is desired.

A new loader tunable debug.mpsafevm has been added. This
currently results in almost Giant-free execution of zero-fill page faults.

A devclass level has been added to the dev sysctl tree, in order to support per-class
variables in addition to per-device variables. This means that dev.foo0.bar is now called dev.foo.0.bar, and it is possible to to have dev.foo.bar as well.

A new sysctl, kern.always_console_output, has been added.
It makes output from the kernel go to the console despite the use of TIOCCONS.

A sysctl kern.sched.name which has the name of the
scheduler currently in use, has been added, and the kern.quantum sysctl has been moved to kern.sched.quantum for consistency.

Note: Although the pci(4) bus power
state management has been enabled by default, it may cause problems on some systems. This
can be disabled by setting the tunable hw.pci.do_powerstate to
0.

The ULE scheduler has been added as an additional scheduler. Note that the
conventional one, which is called 4BSD, is still used as the default scheduler in the GENERIC kernel. For the average user, interactivity is reported to
be better in many cases. This means less ``skipping'' and ``jerking'' in interactive
applications while the machine is very busy. This will not prevent problems due to
overloaded disk subsystems, but it does help with overloaded CPUs. On SMP machines, ULE
has per-CPU run queues which allow for CPU affinity, CPU binding, and advanced
HyperThreading support, as well as providing a framework for more optimizations in the
future. As fine-grained kernel locking continues, the scheduler will be able to make more
efficient use of the available parallel resources.

A linear search algorithm used in vm_map_findspace(9) has been replaced with an
O(log n) algorithm built into the map entry splay tree. This significantly reduces the
overhead in vm_map_findspace(9) for applications that mmap(2) many
hundreds or thousands of regions.

The loader tunables debug.witness_* have been renamed to
debug.witness.*.

The FreeBSD dynamic and static linker now support Thread Local Storage (TLS), a GCC feature which supports a __thread
modifier to the declaration of global and static variables. This extra modifier means
that the variable's value is thread-local; one thread changing its value will not affect
the value of the variable in any other thread.

The kernel's file descriptor allocation code has been updated, and is now derived from
similar code in OpenBSD.

The raid(4) driver (RAIDframe disk driver from NetBSD) has
been removed. It is currently non-functional, and would require some amount of work to
make it work under the geom(4) API in
5-CURRENT.

The pcic(4) driver
is no longer maintained and has been removed from the GENERIC
kernel configuration file. The entry had actually been commented out for a long time.

The sx driver, which supports Specialix I/O8+ and I/O4+
intelligent multiport serial controllers, has been added.

The ubser(4) device
driver has been added to support BWCT console management serial adapters.

ucycom(4) driver
has been added for the Cypress CY7C637xx and CY7C640/1xx families of USB to RS232
bridges, such as the one found in the DeLorme Earthmate USB GPS receiver (which is the
only device currently supported by this driver). This driver is not complete because
there is no support yet for flow control and output.

The device driver infrastructure and many drivers have been updated. Among the
changes: many more drivers now use automatically-assigned major numbers (instead of the
old static major numbers); enhanced functions have been added to support cloning of
pseudo-devices; several changes have been made to the driver API, including a new d_version field in struct cdevsw. Note
that third-party device drivers will require recompiling after this change.

The sound(4)
(formerly pcm(4)) driver
has been modified to read /boot/device.hints on startup, to
allow setting of default values for mixer channels. Note that currently the device
driver's name used in /boot/device.hints is still pcm. More detailed information and examples can be found in the sound(4) manual
page.

A short hiccup in the em(4) driver during
parameter reconfiguration has been fixed. [MERGED]

The fwip(4) driver,
which supports IP over FireWire, has been added. Note that currently the broadcast
channel number is hardwired and MCAP for multicast channel allocation is not supported.
This driver is intended to conform to the RFC 2734 and RFC 3146 standard for IP over
FireWire and eventually replace the fwe(4)
driver.

fxp(4) now uses
the device sysctl tree such as dev.fxp0, and those sysctls can
be set on a per-device basis.

fxp(4) now
provides actual control over its capability to receive extended Ethernet frames,
indicated by the VLAN_MTU interface capability. It can be
toggled from userland with the aid of the vlanmtu and -vlanmtu options to ifconfig(8).

The hea (Efficient Networks, Inc. ENI-155p ATM adapter)
driver has been removed due to breakage. Its functionality has been subsumed into the en(4) driver.

The hme(4) driver
now natively supports long frames, so it can be used for vlan(4) with
full Ethernet MTU size.

The hme(4) driver
now supports TCP/UDP Transmit/Receive checksum offload. Since hme(4) does not
compensate the checksum for UDP datagram which can yield to 0x0, UDP transmit checksum offload is disabled by default. This can
be reactivated by setting the special link option link0 with ifconfig(8).

ipfw(4) rules
now support the versrcreach option to verify that a valid
route to the source address of a packet exists in the routing table. This option is very
useful for routers with a complete view of the Internet (BGP) in the routing table to
reject packets with spoofed or unroutable source addresses. For example,

deny ip from any to any not versrcreach

is equivalent to the following in Cisco IOS syntax:

ip verify unicast source reachable-via any

ipfw(4) rules
now support the antispoof option to verify that an incoming
packet's source address belongs to a directly connected network. If the network is
directly connected, then the interface on which the packet came in is compared to the
interface to which the network is connected. When the incoming interface and the directly
connected interface are not the same, the packet does not match. For example:

deny ip from any to any not antispoof in

ipfw(4) rules
now support the jail option to associate the rule with a
specific prison ID. For example:

count ip from any to any jail 2

Note that this rule currently applies for TCP and UDP packets only.

ipfw(4) now
supports lookup tables. This feature is useful for handling large sparse address sets.
[MERGED]

The ipfw(4)forward rule has to be compiled into the kernel with a kernel
option IPFIREWALL_FORWARD to enable it.

A new sysctl net.inet.ip.process_options has been added to
control the processing of IP options. When this sysctl is set to 0, IP options are ignored and passed unmodified; set to 1, all IP options are processed (default); and set to 2, all packets with IP options are rejected with an ICMP filter
prohibited message.

Some bugs in the IPsec implementation from the KAME Project have been fixed. These
bugs were related to freeing memory objects before all references to them were removed,
and could cause erratic behavior or kernel panics after flushing the Security Policy
Database (SPD).

natd(8) now
supports multiple instances via a new option globalports. This
allows natd(8) to bind
to different network interfaces and share load.

PFIL_HOOKS support is now always compiled into the kernel,
and the associated kernel compile options have been removed. All of the packet filter
subsystems that FreeBSD supports now use the PFIL_HOOKS
framework.

The link state change notification of Ethernet media support has been added to the
routing socket.

Link Quality Monitoring (LQM) support in ppp(8) has been
reimplemented. LQM, which is described in RFC 1989, allows PPP to keep track of the
quality of a running connection. [MERGED]

The pseudo-interface cloning has been updated and the match function to allow creation
of stf(4)
interfaces named stf0, stf, or
6to4. Note that this breaks backward compatibility; for
example, ifconfig stf now creates the interface named stf, not stf0, and does not print stf0 to stdout.

The following TCP features are now enabled by default: RFC 3042 (Limited Retransmit),
RFC 3390 (increased initial congestion window sizes), TCP bandwidth-delay product
limiting. The sysctls net.inet.tcp.rfc3042, net.inet.tcp.rfc3390, and net.inet.tcp.inflight.enable for these features are available. More
information can be found in tcp(4).

FreeBSD's TCP implementation now includes support for a minimum MSS (settable via the
net.inet.tcp.minmss sysctl variable) and a rate limit on
connections that send many small TCP segments within a short period of time (via the net.inet.tcp.minmssoverload sysctl variable). Connections exceeding
this limit may be reset and dropped. This feature provides protection against a class of
resource exhaustion attacks.

The TCP implementation now includes partial (output-only) support for RFC 2385
(TCP-MD5) digest support. This feature, enabled with the TCP_SIGNATURE and FAST_IPSEC kernel
options, is a TCP option for authenticating TCP sessions. setkey(8) now
includes support for the TCP-MD5 class of security associations. [MERGED]

The TCP connection reset handling has been improved to make several reset attacks as
difficult as possible while maintaining compatibility with the widest range of TCP
stacks.

The implementation of RFC 1948 has been improved. The time offset component of an
Initial Sequence Number (ISN) now includes random positive increments between clock ticks
so that ISNs will always be increasing, no matter how quickly the port is recycled.

The random ephemeral port allocation, which comes from OpenBSD, has been implemented.
This is enabled by default and can be disabled by using the net.inet.ip.portrange.randomized sysctl. [MERGED]

TCP Selective Acknowledgements (SACK) as described in RFC 2018 have been added. This
improves TCP performance over connections with heavy packet loss. SACK can be enabled
with the sysctl net.inet.tcp.sack.enable.

A number of bugs in the ata(4) driver
have been fixed. Most notably, master/slave device detection should work better, and some
problems with timeouts should be resolved.

The ata(4) driver
now supports the Promise command sequencer present on all modern Promise controllers
(PDC203** PDC206**).

Note: This also adds preliminary support for the Promise SX4/SX4000 as a
``normal'' Promise ATA controller; ATA RAID's are supported, but only RAID0, RAID1, and
RAID0+1.

The DA_OLD_QUIRKS kernel option, which is for the CAM SCSI
disk driver (cam(4)), has
been removed. [MERGED]

A bug of the automatic density selection code in the fd(4) driver has been
fixed.

A bug in geom(4) that
could result in I/O hangs in some rare cases has been fixed.

A new GEOM_CONCATgeom(4) class
has been added to concatenate multiple disks to appear as a single larger disk.

A new GEOM_NOPgeom(4) class
for various testing purposes has been added.

A new GEOM_RAID3geom(4) class
for RAID3 transformation and graid3(8)
userland utility have been added.

A new GEOM_STRIPEgeom(4) class
which implements RAID0 transformation has been added. This class has two modes: ``fast''
and ``economic''. In fast mode, when very small stripe size is used, only one I/O request
will be sent to every disk in a stripe; it performs about 10 times faster for small
stripe sizes than economic mode and other RAID0 implementations. While fast mode is used
by default, it consumes more memory than economic mode, which sends requests each time.
Economic mode can be enabled by setting a loader tunable kern.geom.stripe.fast to 0. It is also possible to specify the
maximum memory that fast mode can consume, by setting the loader tunable kern.geom.stripe.maxmem.

GEOM Gate, which consists of a new GEOM_GATEgeom(4) class
and several GEOM Gate userland utilities (ggatel(8), ggatec(8), and
ggated(8)), has
been added. It supports exporting devices, including non geom(4)-aware
devices, through the network.

A new GEOM_LABELgeom(4) class to
detect volume labels on various file systems, such as UFS, MSDOSFS (FAT12, FAT16, FAT32),
and ISO9660, has been added.

A new GEOM_GPTgeom(4) class,
which supports GUID Partition Table (GPT) partitions and the ability to have a large
number of partitions on a single disk, has been added into GENERIC by default.

A new GEOM_MIRRORgeom(4) class to
support RAID1 functionality has been added. The gmirror(8)
utility can be used for control of this class.

A new GEOM_UZIPgeom(4) class to
implement read-only compressed disks has been added. This currently supports cloop V2.0
disk compression format.

The EXT2FS file system code now includes partial support for large (> 4GB) files.
This support is partial in that it will refuse to create large files on file systems that
have not been upgraded to EXT2_DYN_REV or that do not have the
EXT2_FEATURE_RO_COMPAT_LARGE_FILE flag set in the
superblock.

A panic in the NFSv4 client has been fixed; this occurred when attempting operations
against an NFSv3/NFSv2-only server.

The MSDOSFS_LARGE kernel option has been added to support
FAT32 file systems bigger than 128GB. This option is disabled by default. It uses at
least 32 bytes of kernel memory for each file on disk; furthermore it is only safe to use
in certain controlled situations, such as read-only mount with less than 1 million files
and so on. Exporting these large file systems over NFS is not supported.

The SMBFS client now has support for SMB request signing, which prevents ``man in the
middle'' attacks and is required in order to connect to Windows 2003 servers in their
default configuration. As signing each message imposes a significant performance penalty,
this feature is only enabled if the server requires it; this may eventually become an
option to mount_smbfs(8).

The ALTQ framework has been imported from a KAME snapshot
as of 7 June 2004. This import breaks ABI compatibility of struct
ifnet and requires all network drives to be recompiled. Additionally, some of the
networking drivers have been modified to support the ALTQ framework. Updated drivers are
bfe(4), em(4), fxp(4), em(4), lnc(4), tun(4), de(4), rl(4), sis(4), and xl(4).

IPFilter has been updated from version 3.4.31 to version
3.4.35 [MERGED].

acpidump(8) now
supports SSDT tables. Dumping or disassembling the DSDT will now include the contents if
there are any SSDT table as well.

bsdlabel(8) now
supports a -f option to work on files instead of disk
partitions.

bsdtar(1) is now
the default tar(1) utility
in the FreeBSD base system. /usr/bin/tar is a symlink pointing
to /usr/bin/bsdtar by default. To return to using /usr/bin/gtar by default, the WITH_GTAR
make variable can be used.

The bthidcontrol and bthidd
commands, which support Bluetooth HIDs (Human Interface Devices), have been added.

conscontrol(8)
now supports set and unset commands
which set/unset the virtual console. unset makes output from
the system, such as the kernel printf(9),
always go to the real main console. This is an interface to the tty ioctl TIOCCONS.

The cron(8) daemon
accepts two new options, -j and -J,
to enable time jitter for jobs to run as unprivileged users and the superuser,
respectively. Time jitter means that cron(8) will
sleep for a small random period of time in the specified range before executing a job.
This feature is intended to smooth load peaks appearing when a lot of jobs are scheduled
for a particular moment. [MERGED]

cut(1)'s -c, -d, and -f
options now work correctly in locales with multibyte characters.

dd(1) now supports a
fillchar option to specify an alternative padding character
when using a conversion mode, or when using noerror with sync and an input error occurs.

df(1) now supports a
-c option to display a grand total of statistics for file
systems.

A bug in df(1), which can
print invalid information when a -t option is specified and a
mount point is not accessible by the calling user, has been fixed.

The doscmd utility has been removed from the FreeBSD base
system. It is now available via the emulators/doscmd port in the FreeBSD Ports Collection.

dump(8) and restore(8) now
support a -P option to specify backup methods other than files
and tapes. The argument is passed to a normal sh(1) pipeline with
either the $DUMP_VOLUME or $RESTORE_VOLUME environment variable defined, respectively. For
more information, see dump(8) and restore(8).

The eeprom(8)
utility to display and modify system configurations stored in EEPROM or NVRAM has been
added. The current implementation supports systems equipped with Open Firmware.

The find(1) utility
now supports a -acl primary to locate files with acl(3).

The find(1) utility
now supports a new primary -depth n which tests whether the depth of the current file
relative to the starting point of the traversal is n.
[MERGED]

ftpd(8) now
opens a socket for a data transfer in active mode using the effective UID of the current
user, not root. This is useful for matching anonymous FTP data
traffic with a single ipfw(8) rule
with uid.

The ftw(3) and nftw(3)
functions to traverse a directory hierarchy have been implemented.

The geom(8) utility
for operating on geom(4) classes
from the userland has been added.

gpt(8), a GUID
partition table maintenance utility, now supports a remove
command. Its add command now supports a -i option, which allows the user to specify the partition number of
a new partition.

id(1) now supports a
-M option to print the MAC label of the current process.

ifconfig(8) now
supports renaming of network interfaces at run-time using the name parameter.

ifconfig(8) now
provides the vlanmtu and -vlanmtu
options, which control the capability of some Ethernet interfaces to receive extended
frames (i.e. frames containing more than 1500 bytes of payload).

ifconfig(8) now
provides the vlanhwtag and -vlanhwtag
options, which control the capability of some Ethernet interfaces to process VLAN tags in
the hardware.

indent(1) now
supports a -ldi option to control indentation of local
variables. A number of other tunings were made to this utility.

indent(1) now
supports -fbs and -ut for function
declarations with the opening brace on the same line as the declaration of arguments all
spaces and no tabs in order to fix problem when non-8 space tabs are used.

ip6fw(8) now
supports a -n flag to stop it from making any changes to the
rules in the kernel.

ipcs(1) now
supports a -u option to display information about IPC
mechanisms owned by the specified user.

ipfw(8) now
supports a -b flag to print only the action and comment for
each rule, thus omitting the rule body.

jail(8) now
supports a -U option to run a command as a user which exists
only in the jail(2)
environment.

jail(8) now
supports a -l option to clean the environment. All environment
variables are discarded except for HOME, SHELL, PATH, TERM, and USER before running the jailed
program under a specific user's credentials. This behavior is similar to that provided by
the su(1)-l option.

kgdb(1), a
kernel debugging utility which uses libgdb and understands
kernel threads, kernel modules, and kvm(3), has been
added.

killall(1) now
supports a -e flag to make the -u
operate on effective, rather than real, user IDs. [MERGED]

libalias(3) now
has support (and a new API) for multiple aliasing instances in a single process. The
existing API has been reimplemented in terms of the new one to preserve
compatibility.

A libarchive library for manipulation of compressed and
uncompressed archive files has been added. More details can be found in libarchive(3).

libdisk now uses the correct PC98 disk partition value for
FreeBSD. This permits the sysinstall(8)
disk partition editor to correctly create a single FreeBSD partition covering the entire
disk. [MERGED]

libdisk now uses d_addr_t for
disk addresses. This allows sysinstall(8) to
properly handle disks and file systems more than 1 TB.

The library formerly known as libkse has been renamed libpthread and is now the default threading library on the i386,
amd64, and ia64 platforms. GCC's -pthread option has been changed to use libpthread rather than libc_r.

Note: Users with older binaries (for example, ports compiled before this change
was made) should use libmap.conf(5)
to map libc_r and/or libkse to libpthread.

Note: Users with NVIDIA-supplied drivers and libraries may need to use a libmap.conf(5)
that maps libpthread references to the older libc_r since these drivers and utilities do not work with libpthread.

libpthread now supports a LIBPTHREAD_SYSTEM_SCOPE environment variable to force 1:1 mode
(using system scope threads). Note that building libpthread
with -DSYSTEM_SCOPE_ONLY flag also forces 1:1 mode, and that
this option is set by default for architectures that do not support M:N mode yet. In
addition, a LIBPTHREAD_PROCESS_SCOPE environment variable can
be used to force M:N mode (using process scope threads). For example:

%env LIBPTHREAD_SYSTEM_SCOPE=yes threaded_app

forces the application threaded_app to use system scope
threads, and

%env LIBPTHREAD_PROCESS_SCOPE=yes threaded_app

forces it to use process scope threads.

A bug in the -d option of look(1) has been
fixed. Also, look(1) now
works correctly in locales with multibyte characters.

ls(1) now treats
filenames as multibyte character strings according to the current LC_CTYPE when determining which characters are printable.

make(1) now
supports the POSIX-compatible + flag in Makefile command lines, which causes a line to be executed even
when -n is specified. This is useful for calls to submakes, for
example.

make(1) now puts
variable assignments from the command line into the MAKEFLAGS
variable as required by POSIX. This causes such variables to be pushed into all sub-makes
called by the make(1) (except
when the MAKEFLAGS variable is explicitly changed in the
sub-make's environment). This makes them also mostly un-overrideable in sub-makes except
on the sub-make's command line.

newsyslog(8) now
allows users to set a debugging option via the newsyslog.conf
file.

newsyslog(8)
uses a new order when processing files to rotate. It first rotates all files that need to
be rotated, then sends a single signal to each process which needs to be signaled, and
finally compresses all the files that were rotated.

A nextwctype(3)
function to iterate over all characters in a particular character class has been
added.

Initial support for UTF-8 versions of all the currently supported system locales has
been added. This is primarily for the benefit of the misc/utf8locale port.

An Israel Hebrew locale he_IL.UTF-8 has been added.

The logins(1)
utility has been added to display information about user and system accounts.

mountd(8) now
supports the -p option, which allows users to specify a known
port for use in firewall rulesets.

netstat(1) now
displays the multicast group memberships present in the system.

newfs(8) and mdmfs(8) now
support a -l flag to enable them to set the MAC multilabel flag
on new file systems without requiring the use of tunefs(8).

patch(1) has
been replaced with a BSD-licensed version from OpenBSD. This includes a --posix option for strict POSIX conformance.

The pgrep(1) and pkill(1)
commands, which come from NetBSD, have been added. They also support a -M option to extract values associated with the name list from the
specified core instead of the default /dev/kmem, and a -N option to extract the name list from the specified system instead
of the default kernel.

ppp(8) now
supports a ``set rad_alive N'' command to enable periodic
RADIUS accounting information being sent to the RADIUS server. [MERGED]

ppp(8) now
supports a ``set pppoe [standard|3Com]'' command to configure the operating mode of an
underlying ng_pppoe(4)
Netgraph node.

ps(1) compatibility
with POSIX/SUSv3 has been improved. The changes include -p for
a list of process IDs, -t for a list of terminal names, -A which is equivalent to -ax, -G for a list of group IDs, -X which is
the opposite of -x, and some minor improvements. For more
information, see ps(1). [MERGED]

ps(1) now supports a
-O emul format option, which prints the name of the system call
emulation environment the process is in.

pw(8) now supports a
-H option, which accepts an encrypted password on a file
descriptor. [MERGED]

A bug in rarpd(8) that
prevents it from working properly when a interface has more than one IP address has been
fixed. [MERGED]

The configuration files used by the resolver(3) now
support the timeout: and attempts:
keywords.

The resolver(3) and
associated interfaces are now much more reentrant and thread-safe. Multiple DNS lookups
can now be run at the same time, showing major improvements in the performance of some
multi-threaded applications. Some multi-threaded programs need to be recompiled; examples
from the Ports Collection are www/mozilla and variants, mail/evolution, devel/gnomevfs, and devel/gnomevfs2.

A bug in script(1) has
been fixed so that it now works correctly if the standard input is closed. This fix
prevents a potentially dangerous interaction with the sysutils/portupgrade package; if it was run non-interactively,
it could remove all out-of-date ports without reinstalling them.

The sdpd(8)
Bluetooth Service Discovery Protocol daemon has been added.

The sha1(1) and rmd160(1)
utilities have been added. Similar to md5(1), they
calculate a message digest of their inputs. [MERGED]

smbmsg(8), a
small utility to send/receive SMBus messages, has been added.

talk(1) now uses
localhost as a default machine name in talkd(8) request
packets when the destination and source are local. This makes talk(1)
dependent on a valid host entry for localhost in /etc/hosts or the DNS.

tftpd(8) now
supports two new options: a -w option allows new files to be
created, and a -U option allows the umask to be set.

top(1) can now
display the current amount of I/O. This feature can be enabled by hitting ``m'' or
passing the command line option -m io.

Many userland utilities in the base system (mostly GNU contributed utilities) now use
the system version of getopt_long(3),
rather than the GNU version.

The diskless script has been split out into hostname, resolve, tmp, and var scripts.

The gbde_swap script, which supports gbde-enabled swap
devices, has been added. When the gbde_swap_enable variable is
specified in rc.conf(5), a
swap device named /dev/foo.bde
in fstab(5) is
automatically attached at boot time with the device /dev/foo and a random key, which is generated by computing the
MD5 checksum of 512 bytes read from /dev/random. Note that this
prevents recovery of kernel dumps.

The ip6addrctl_enable and ip6addrctl_verbose variables have been added. When ip6addrctl_enable is set to YES, the
address selection policy is installed into the kernel. If /etc/ip6addrctl.conf exists, it will be used; otherwise, a default
policy will be installed. The default policy is one described in RFC 3484 when ipv6_enable is set to YES. Otherwise,
the priority policy for IPv4 address will be used as a default policy.

The mixer script has been added. It saves the current
settings of all audio mixers present in the system on shutdown and restores the settings
on boot.

The named script has been updated to support BIND 9 in the base system. The changes include:

named(8) runs in
a chroot(2)
directory /var/named by default. The named_chrootdir variable can be used to disable this behavior or to
change the chroot(2)
directory.

When the named_chroot_autoupdate variable is set to YES (the default), the chroot directory is automatically configured
at the boot time. A symbolic link which points to /var/named/etc/namedb is created as /etc/namedb, and a symbolic link which points to /var/named/var/run/named/pid is created as /var/run/named/pid. The latter can be disabled by using the named_symlink_enable variable in rc.conf.

The ACPI-CA code has been updated from the 20030619
snapshot to the 20040527 snapshot.

The AMD (am-utils) has been updated from version 6.0.9 to
version 6.0.10p1.

awk from Bell Labs has been updated from the 29 July 2003
release to the 7 February 2004 release.

BIND has been updated from version 8.3.1-REL to version
9.3.0.

CVS has been updated from version 1.11.15 to version
1.11.17. [MERGED]

The FILE has been updated from version 3.41 to version
4.10.

gdtoa (a library that performs conversions of numbers
between binary and decimal form) has been updated from version 20030324 to version
20040118.

GDB has been updated to version 6.1.1.

GNU Binutils has been updated to a 23 May 2004 snapshot
from the FSF 2.15 branch.

GNU GCC has been updated from 3.3.3-prerelease as of 6
November 2003 to 3.4.2-prerelease as of 28 July 2004.

GNU grep has been updated from version 2.4d to version
2.5.1.

GNU less has been updated from version 371 to version
381.

GNU readline 4.3 has been updated with official patches 001
through 005.

The GNU regex library has been updated to the version
included with GNU grep 2.5.1.

GNU sort has been updated from textutils 2.1 to a coreutils
snapshot as of 12 August 2004.

The GNU tar implementation in the base system is now called
gtar.

Heimdal Kerberos has been updated from version 0.6 to
version 0.6.1.

The ISC DHCP client has been updated from version 3.0.1
RC10 to version 3.0.1.

libpcap has been updated from version 0.7.1 to version
0.8.3.

lukemftpd has been updated from a snapshot as of 3 November
2003 to one as of 9 August 2004.

NTP has been updated from version 4.1.1a to version
4.2.0.

OpenPAM has been updated from the Dogwood release to the
Eelgrass release.

OpenSSH has been updated from version 3.6.1p1 to version
3.8.1p1.

Note: The configuration defaults for sshd(8) have
been changed. SSH protocol version 1 is no longer enabled by default. In addition,
password authentication over SSH is disabled by default if PAM is enabled.

OpenSSL has been updated from version 0.9.7c to version
0.9.7d. [MERGED]

pf, OpenBSD's packet filter as of OpenBSD 3.5-stable, has
been imported into the FreeBSD source tree and is now installed by default. Two new users
(proxy and _pflogd) and three new
groups (authpf, proxy, and _pflogd), which pf needs, have been
added as well.

Note: On upgrading from source, these user accounts must be added in advance.
mergemaster -p can be used to assist in creating the proper
entries in the passwd(5) and group(5) files.
The NO_PF variable in make.conf can
be used to prevent pf from building.

routed has been updated from release 2.22 to release 2.27
from rhyolite.com. Note that for users relying on RIP's MD5 authentication feature, routed(8) routed
is now incompatible with previous versions of FreeBSD; however, it is now compatible with
implementations from Sun, Cisco and other vendors.

sendmail has been updated from version 8.12.10 to version
8.13.1. [MERGED]

tcpdump has been updated from version 3.7.1 to version
3.8.3.

tcsh has been updated from version 6.11 to version
6.13.00.

The timezone database has been updated from tzdata2003a to
tzdata2004e.

Most of the startup/shutdown scripts installed by various ports now use the new rc(8) framework
introduced in FreeBSD 5.X, while some ports still use the
old-style scripts. On startup, the new rc(8) style scripts
are executed before the old-style scripts. On shutdown, exactly the reverse happens.

The SIZE attribute for distfiles, which can be used for
checking file sizes before fetching, has been added and enabled by default. DISABLE_SIZE is a user control knob to disable the distfile size
checking. This is especially useful on old FreeBSD versions which did not have fetch(1) support
for this, and for some FTP proxies which always report incorrect or bogus sizes.

Two new files have been added to the ports tree to track noteworthy changes: ports/CHANGES lists major changes to the Ports Collection and its
infrastructure. ports/UPDATING describes some potential
pitfalls that can be encountered when updating certain ports, analogous to src/UPDATING for the base system.

The version number parsing code has been rewritten in the system pkg_* tools, restoring compatibility with 4.x and sysutils/portupgrade.

The package tools can now match packages with relational operators and csh-style {...} choices. For example:

#pkg_info -I 'docbook>=3.0'

will list (all) docbook DTDs with at least version 3.0. Additional command line
options have also been added to aid pattern matching.

The package tools have improved handling of corrupt package databases.

pkg_create(1)
now supports a -S option to make all @cwd paths be prefixed during package creation.

pkg_info(1) now
supports a -j option to show the requirements script for each
package.

The building process for boot floppy images has been completely overhauled. The most
significant change is that the loader now boots a stock GENERIC
kernel split across multiple disks (two at the time of this writing). This greatly
improves installations that begin with a boot from floppy disk, because they now use
exactly the same kernel (and thus support the same hardware) as CDROM installations. The
stripped-down MFSROOT kernel is no longer needed, and the mfsroot image no longer requires kernel modules. The boot.flp and driver.flp images are also
obsolete and no longer built.

FreeBSD cryptography support is no longer an optional component of releases, and the
crypto release distribution is now part of base. Note that the -DNOCRYPT build
option still exists for anyone who really wants to build non-cryptographic binaries.

The supported release of GNOME has been updated from
version 2.4 to version 2.6.2.

Users with existing FreeBSD systems are highly encouraged to read the ``FreeBSD 5.3-RELEASE Migration
Guide''. This document generally has the filename MIGRATE5.TXT
on the distribution media, or any other place that the release notes can be found. It
offers some notes on migrating from FreeBSD 4.X, but more
importantly, also discusses some of the relative merits of upgrading to FreeBSD 5.X versus running FreeBSD 4.X.

Important: Upgrading FreeBSD should, of course, only be attempted after backing
up all data and configuration
files.